Certificate Inheritance for Multiple Hosts

I have a working demo with an applet connecting to the server ("A") via HTTPS. The server certificate chain is downloaded by the applet through the JKS trust store (myTrustManagerFactory.init(mytrustStore.jks)). It works great.

Now I need this applet to connect to another server ("B") via HTTPS. The server certificate is signed by a self-signed CA. Therefore, I need to pass this self-signed CA to the applet's TrustManagerFactory.

  • Is it possible to place it in the same JKS storage as for server "A"? If so, do I need to save this self-signed CA using a second alias? I tried this, but I get errors when connecting to server "B". Is there a way to specify server alias "B" for TrustManagerFactory?

  • Should I use the second JKS or some SSL context "reset" before calling the second server?

Thank you for your help,
Rodolph

+4
1 answer

Just found a solution on my own:
The "Certificate Chain Error" error message does not reflect a chain problem in the truststore, but rather a chain problem on the server.

So, in case this can help, it’s quite normal to upload multiple Truststore certificates (chain) to trust multiple servers in https. You just need one alias per server (the alias name does not matter) and the certificates (chains) needed to trust this server.

There is no need to reset when switching communications to another server. Just upload all the server certificate chains to a single method myTrustManagerFactory.init(mytrustStore.jks).

+1
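
The single-truststore setup described in the answer above, as an added example that is not part of the original post. It builds the store in memory from two CA certificate files instead of reading an existing .jks file; the class name, alias names and file paths are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SharedTrustStore {
    // Read one X.509 certificate (PEM or DER) from a file.
    static Certificate readCert(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Build one SSLContext trusting both CAs; the alias names are arbitrary labels (assumed here).
    static SSLContext buildContext(String caForA, String caForB) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(null, null); // start from an empty in-memory store
        trustStore.setCertificateEntry("server-a-ca", readCert(caForA));
        trustStore.setCertificateEntry("server-b-ca", readCert(caForB));

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // all trusted entries are used; no alias is selected per server

        // List the trust anchors so a missing CA shows up before any connection is attempted.
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("trusted: " + ca.getSubjectX500Principal());
                }
            }
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0], args[1]: paths to the CA certificates for servers A and B (assumed file names)
        SSLContext ctx = buildContext(args[0], args[1]);
        System.out.println("context ready: " + ctx.getProtocol());
    }
}
```

The socket factory from the returned context (ctx.getSocketFactory()) can be set on the HttpsURLConnection for either server; the same context serves both.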

Source: https://habr.com/ru/post/1337869/

